AVG Constantly Detecting Virus
Original Message
Name: nero_wolfe
Date: July 14, 2007 at 23:43:55 Pacific
Subject: AVG Constantly Detecting Virus
OS: XP SVCPK 2
CPU/Ram: 512
Model/Manufacturer: Leader Systems
Comment: My daughter's PC is constantly running slow, despite regular defrags, etc. AVG is constantly detecting "repeat" viruses, and IE is constantly starting up by itself and trying to connect to web sites, often with multiple instances of IE. AVG reports Kolweb.G / Downloader.Generic4.ZQI / Collected.11.B / SHeur.ZQ / Downloader.Generic5.QB. This is happening every couple of days. Any assistance gratefully accepted. If I can't fix this, then I have no option but to rebuild from a clean disk ... :-(
Life Live It!
Response Number 1
Name: MrExacta
Date: July 15, 2007 at 00:22:34 Pacific
Reply: You've just got a piece of spyware that is loaded on that computer. If you download hijackthis.exe from here: http://www.merijn.org/files/HiJackT... boot your computer to safe mode and rename the hijackthis_v2.exe file to something random.exe and run it. You'll probably have a couple winlogon: notify c:\windows\system32\something.dll lines in there. Write back and let me know what you find.
MrExacta -`
Response Number 2
Name: sallyp613
Date: July 18, 2007 at 09:27:07 Pacific
Reply: I also have a virus / Trojan that AVG detects and deletes, but it returns. I have a Trojan named: Trojan horse Downloader.Generic4.RGB. It shows up as being here: C:\Documents and Settings\Administrator\Application Data\M?crosoft\svchost.exe. I've tried the Vundofix.exe help program and the VirtuBeGone.exe to no avail! I have Ad-Aware, AVG, WinPatrol, SpyBot S&D. All find it, but it shows up on my daily AVG scan. I deleted Internet Explorer, I reinstalled my Java, I only use Firefox to browse. I'm running Windows 2000. What else do I throw at this nasty?
sally~
Response Number 3
Name: nero_wolfe
Date: July 18, 2007 at 22:13:20 Pacific
Reply: Thanks MrExacta, here is what I found:
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
O20 - Winlogon Notify: xxyvvtq - C:\WINDOWS\SYSTEM32\xxyvvtq.dll
Had trouble getting it, as safe mode kept coming up with the Safe Mode option/start message, to run either Safe Mode or System Restore every time I executed something?
Response Number 4
Name: MrExacta
Date: July 19, 2007 at 21:44:26 Pacific
Reply: Yes, that's what is slowing you down. I would download killbox: http://killbox.net/downloads/KillBo... When you are in safe mode, you need to run killbox and put the first file name (c:\windows\system32\sstqn.dll) into the location window, choose the delete on reboot option, and hit the red/white X button. Repeat with the other file also. Once completed, run HiJackThis again and see if those items show up with (file missing) after both of them. If so, you should be able to delete them from the list. Make sure those filenames don't show up anywhere else in the HiJackThis log.
MrExacta -`
Response Number 5
Name: nero_wolfe
Date: July 21, 2007 at 20:29:56 Pacific
Reply: Thanks Mr Exacta, after some trial and error, I have removed the two dlls and all references to them. Ran a defrag and cleanup and things have improved. No more messages from AVG or SpyBot about trojans or viruses. A question though about another dll:
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xqtyhcle.dll",realset
I have searched for any information on "xqtyhcle.dll" on Google, Yahoo, etc. and can't find any information on it. Also, the file itself provides no information: Company, version, etc. Any thoughts?
Response Number 6
Name: MrExacta
Date: July 21, 2007 at 22:54:56 Pacific
Reply: It looks like a random file name, so it's not a surprise that you can't find any information on it. I would try to delete the entry from HiJackThis; if it won't delete, try the above process through safe mode.
MrExacta -`
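Added example (not written by any poster in this thread): a script for the re-check described in Response 4 and the leftover entry raised in Response 5. It reads a HijackThis log, reports whether each removed DLL is still referenced, marked "(file missing)", or gone from every section, and lists other DLLs still autostarting from O4 or O20. The sample log is constructed from the entries quoted above plus one made-up benign line, the function names are hypothetical, and matching is by file name only.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the three entries quoted in the thread, one made-up benign
# Run entry, and a "(file missing)" suffix added to show the post-cleanup state.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xqtyhcle.dll",realset
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll (file missing)
O20 - Winlogon Notify: xxyvvtq - C:\WINDOWS\SYSTEM32\xxyvvtq.dll
'''

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
DLL_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.dll', re.IGNORECASE)

def dll_entries(log):
    """Yield (section, dll file name, file_missing) for every log line naming a DLL."""
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        missing = line.endswith("(file missing)")
        for path in DLL_RE.findall(m.group(2)):
            # Windows names are case-insensitive (system32 vs SYSTEM32): lowercase.
            yield m.group(1), PureWindowsPath(path).name.lower(), missing

def check_removal(log, targets):
    """Map each target DLL to its state and the sections that still reference it."""
    report = {t.lower(): {"state": "gone", "sections": []} for t in targets}
    for section, name, missing in dll_entries(log):
        if name not in report:
            continue
        entry = report[name]
        entry["sections"].append(section)
        if not missing:
            entry["state"] = "present"       # entry has no "(file missing)" marker
        elif entry["state"] == "gone":
            entry["state"] = "file missing"  # stale entry left to delete from the list
    return report

def other_autostart_dlls(log, targets):
    """DLLs started from O4 (Run) or O20 (Winlogon Notify) that are not in targets."""
    known = {t.lower() for t in targets}
    return sorted({n for s, n, _ in dll_entries(log)
                   if s in ("O4", "O20") and n not in known})

if __name__ == "__main__":
    targets = ["sstqn.dll", "xxyvvtq.dll"]
    for name, info in check_removal(SAMPLE_LOG, targets).items():
        print(name, info["state"], info["sections"])
    print("still to review:", other_autostart_dlls(SAMPLE_LOG, targets))
```

A target counts as cleaned up only when its state is "gone"; "present" means the delete-on-reboot step has to be repeated for that file.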